Digitala Vetenskapliga Arkivet

Security from a Systems Thinking Perspective - Applying Soft Systems Methodology to the Analysis of an Information Security Incident
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences. ORCID iD: 0000-0002-5701-2569
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2014 (English) In: Proceedings of the 58th Meeting of ISSS, Washington DC, USA, July 2014, International Society for the Systems Sciences (ISSS), 2014. Conference paper, Published paper (Refereed)
Abstract [en]

Applying systems theory to information security enables security analysts to consider the socio-technical role of the security system instead of only focusing on the technical part. Systems theory can also equip security analysts with the skills required to have a holistic and an abstract level of understanding of the security problem in their organisations and to proactively define and evaluate existing risks. The Soft Systems Methodology (SSM) developed by Peter Checkland was created in order to deal with unstructured situations where human beings are part of the socio-technical system. In this paper, SSM is applied as a framework to diagnose a real case security incident in an organisation. The purpose of this application is to demonstrate how the methodology can be considered a beneficial tool for security analysts during security incident management and risk analysis. Literature review and experience indicate an existing lack of customisable incident response tools that facilitate communication and elaboration within organisations during incident management. In addition, these tools are mainly technical and don’t take the human factor into consideration. Using SSM as such, we define the security attack as a human activity transformation system that transforms a security event triggered by an attacker into a security breach that causes damage to the victim organisation. The attack system is then modelled to include a number of dependent activity sub-systems that interact with each other and their environment including the security control activity systems. By having such systemic perception of a security attack, security analysts, we suggest, can have a holistic perception under what conditions a security attack has succeeded and what elements of the socio-technical system and its environment should have been considered in order to mitigate and reduce the risk exposure.

Place, publisher, year, edition, pages
International Society for the Systems Sciences (ISSS), 2014.
Series
Proceedings of the annual meeting of the ISSS, E-ISSN 1999-6918
Keywords [en]
SSM, Socio-Technical Approach, Information Security, Security Approach, Security Incident
National subject category
Systems science, information systems and informatics
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-114736
ISBN: 978-1-5108-0371-8 (print)
OAI: oai:DiVA.org:su-114736
DiVA, id: diva2:793846
Conference
The 58th Meeting of ISSS, Washington DC, USA, 27 July – 1 August, 2014
Available from: 2015-03-09 Created: 2015-03-09 Last updated: 2022-02-23 Bibliographically approved
Part of thesis
1. Cybersecurity Incident Response: A Socio-Technical Approach
2019 (English) Doctoral thesis, compilation (Other academic)
Abstract [en]

This thesis examines the cybersecurity incident response problem using a socio-technical approach. The motivation of this work is the need to bridge the knowledge and practice gap that exists because of the increasing complexity of cybersecurity threats and our limited capability of applying cybersecurity controls necessary to adequately respond to these threats. Throughout this thesis, knowledge from Systems Theory, Soft Systems Methodology and Socio-Technical Systems is applied to examine and document the socio-technical properties of the cybersecurity incident response process. The holistic modelling of the cybersecurity incident response process developed concepts and methods tested to improve the socio-technical security controls and minimise the existing gap in security controls.

The scientific enquiry of this thesis is based on pragmatism as the underpinning research philosophy. The thesis uses a design science research approach and embeds multiple research methods to develop five artefacts (concept, model, method, framework and instantiation) outlined in nine peer-reviewed publications. The instantiated artefact embraces the knowledge developed during this research to provide a prototype for a socio-technical security information and event management system (ST-SIEM) integrated with an open source SIEM tool. The artefact's relevance was validated through a panel of cybersecurity experts using a Delphi method. The Delphi method indicated the artefact can improve the efficacy of handling cybersecurity incidents.

Place, publisher, year, edition, pages
Stockholm: Department of Computer and Systems Sciences, Stockholm University, 2019. p. 133
Series
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; 19-007
Keywords
cybersecurity incident response, SIEM, cybersecurity warning systems, socio-technical approach, organisation security culture
National subject category
Computer systems; Systems science, information systems and informatics with a social science orientation
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-167873 (URN)
978-91-7797-715-5 (ISBN)
978-91-7797-716-2 (ISBN)
Public defence
2019-06-07, L30, NOD-huset, Borgarfjordsgatan 12, Kista, 10:00 (English)
Opponent
Supervisors
Available from: 2019-05-15 Created: 2019-04-10 Last updated: 2022-02-26 Bibliographically approved

Open Access in DiVA

No full text in DiVA

By author/editor
Al Sabbagh, Bilal; Kowalski, Stewart